Cover Image: https://montrealethics.ai/wp-content/uploads/2021/03/christian-lue-G6RE_to6Lus-unsplash-768×512.jpg
Germany faces escalating espionage and sabotage threats from China, Russia, and Iran, targeting its political stability, critical infrastructure, and intellectual assets. A surge in arrests and cyberattacks reveals deeply embedded foreign networks exploiting legal loopholes, academic openness, and industrial vulnerabilities. While Russian operations include sabotage and proxy violence, China leverages economic infiltration, and Iran focuses on dissidents and Jewish communities. Despite ramping up security efforts, Germany’s intelligence services remain hampered by legal and structural constraints. To counter these threats, Germany must pursue strategic adaptation, strengthen counterintelligence, deepen European coordination, increase due diligence across industry and academia, and raise awareness in civil society.
Germany’s struggle against espionage and sabotage regained attention in July with the arrest of a Danish man in Aarhus suspected of spying on behalf of Iran, likely for Iran’s Revolutionary Guard Corps, allegedly gathering intelligence on Jewish institutions and individuals in Berlin for possible attacks. This case highlights how Iran, alongside China and Russia, is leveraging covert networks to penetrate Germany’s open society, targeting not only dissidents and communities but also critical infrastructure and political stability. As Berlin summoned the Iranian ambassador in protest, the arrest demonstrated the reality that Germany faces: its sovereignty and security are being challenged not by overt military aggression but by persistent, state-backed espionage and grey-zone sabotage designed to erode resilience from within. This incident is not isolated but part of a wider pattern over the past years, where these foreign powers have escalated operations on German soil, exploiting academic openness, industrial vulnerabilities, and societal freedoms to advance their interests under the radar. Germany’s response to this evolving landscape of covert pressure needs to be at the center of the country’s intelligence strategy to safeguard its democratic institutions and industry, while remaining resilient amid a new era of great power competition.
A Surge in Espionage Arrests
In 2025 alone, Germany witnessed a surge in espionage-related arrests, revealing the scale of foreign infiltration. High-profile cases include the arrest of Jian G., a former aide to AfD’s Maximilian Krah, accused of leaking over 500 classified European Parliament documents to Chinese intelligence; the detention of Chinese nationals caught spying on arms shipments at Leipzig/Halle airport and a German naval base; and the arrest of a U.S. citizen in Germany on suspicion of offering to provide sensitive U.S. military information to Chinese officials. Additionally, three Germans were apprehended for attempting to pass advanced engine designs to China, showing how deeply China’s networks have penetrated Germany’s manufacturing and dual-use technology sectors.
Russia’s efforts have been equally bold, if not bolder. Three German-Russian nationals are currently on trial for planning sabotage attacks on a Bavarian oil refinery and a U.S. military base near Grafenwöhr, part of a broader Kremlin-backed campaign to undermine Germany’s military support for Ukraine. In another case, three Ukrainians were arrested for plotting parcel bomb attacks intended to disrupt military aid shipments, acting under Russian direction. According to the Federal Office for the Protection of the Constitution (BfV), these arrests only scratch the surface of ongoing surveillance operations against suspected Russian assets embedded in logistics hubs, infrastructure nodes, and even within German political circles sympathetic to narratives that erode support for Ukraine. These arrests are not isolated events but signal a broader evolution in the threat landscape facing Germany, where both espionage and sabotage activities have intensified in parallel, reflecting a more aggressive and integrated Russian approach.
Science and Industry Facing Systematic Threats
In addition to cyber campaigns against German government institutions, China’s systematic targeting of German science and industry is part of its long-term plan to rival the West economically and militarily by 2049. A 2024 case involving Chemnitz University of Technology highlights how China exploits Germany’s open academic environment to access dual-use technologies. Three individuals were arrested for spying on behalf of Chinese intelligence after commissioning a study on plain bearings in Chemnitz, components relevant for military applications. Other universities, including Duisburg-Essen and Stuttgart, had informal contact with the suspects. The case prompted the then Research Minister Bettina Stark-Watzinger to call for stricter oversight of collaborations with China, while the BfV warned that universities often lack the awareness and safeguards needed to detect espionage risks. Experts have urged clearer national guidelines, standardized due diligence tools, and better support for academic institutions navigating this security challenge.
The scope of this challenge is enormous. A 2024 Bitkom survey highlighted that nearly 45% of German firms have faced Chinese cyberattacks, with sectors ranging from pharmaceuticals to advanced manufacturing, renewable energy, and automotive systems targeted for industrial espionage. While German companies have increased IT security budgets, systemic vulnerabilities remain. Small and medium-sized enterprises (SMEs), which form the backbone of Germany’s industrial landscape, often lack advanced intrusion detection systems and struggle to implement rigorous supply chain security.
China’s approach remains pragmatic and persistent: while high-profile cyber incidents attract media attention, a significant portion of intellectual property theft occurs via legal loopholes in joint ventures, acquisitions, and academic exchanges, where German legal frameworks and a culture of openness have proven easy to exploit. Cyberattacks, however, offer speed, deniability, and a way to demonstrate technical prowess, serving as both a tool for immediate access and a signal of capability.
Russia’s Hybrid Sabotage Campaigns in Germany
Russia’s hybrid warfare extends far beyond espionage and online disinformation to direct sabotage on German soil. From the foiled plot to assassinate Rheinmetall CEO Armin Papperger to sabotage attempts on critical rail infrastructure, bomb plots, and cyberattacks, Russia’s aim is clear: disrupt Germany’s defense industry, undermine political stability, and erode public support for Ukraine.
Russia’s operatives often rely on local proxies, including radicalized elements within far-right and far-left groups, to conduct vandalism or sabotage missions while shielding Moscow from direct attribution. Instances of low-level sabotage, such as the systematic vandalization of vehicles and the alleged cutting of fiber-optic communications cables in the Baltic Sea, may appear minor but contribute to a broader psychological campaign to generate a sense of instability.
The BfV and NATO now acknowledge that these operations represent an escalation in Russia’s hybrid campaign, shifting from non-lethal influence operations to kinetic actions. This shift mirrors Russian doctrine under the “Gerasimov model,” which conceptualizes the full spectrum of hybrid warfare to achieve strategic objectives without triggering a conventional military response.
Iran’s Espionage and the Shadow of Middle Eastern Conflict
Iran’s intelligence activities in Germany have intensified in parallel with the Israel-Iran conflict. Tehran’s goals in Germany are multifaceted: monitoring and intimidating Iranian dissidents, gathering intelligence on Jewish communities and Israeli diplomatic assets, and positioning itself for potential retaliatory operations.
Groups like Charming Kitten (APT35) and other IRGC-affiliated cyber units have ramped up phishing campaigns targeting exiled Iranian journalists and activists in Berlin and Hamburg, as well as NGOs and pro-Israeli organizations. German cybersecurity officials have noted a rise in sophisticated spear-phishing campaigns that use fake conference invitations or credential-harvesting pages designed to look like German academic or policy institutions. Moreover, following the 2022-2023 protests in Iran over Mahsa Amini’s death, Germany reported a rise in Iranian espionage targeting exiled dissidents. Reports revealed that Iranian intelligence activities have increasingly focused on opposition figures and pro-Israeli or Jewish communities in Germany. The BfV identified 160 individuals linked to Iran and the Revolutionary Guards Corps, highlighting a broader campaign of surveillance aimed at suppressing dissent abroad.
Amid escalating Middle Eastern tensions, German authorities fear that Iran’s networks could activate sleeper assets for direct attacks on Jewish and Israeli institutions or conduct sabotage operations against critical infrastructure in solidarity with Tehran’s anti-Israel rhetoric. The foiled espionage operation by a Danish man linked to Iran and the ongoing tension between Israel and Iran have led to an expansion of protective measures across sensitive Jewish sites in Germany.
Image: Tim Studler.
Germany’s Intelligence Dilemma and Constraints
Germany’s intelligence services, shaped by historical restrictions stemming from the Stasi legacy and postwar limitations, face significant challenges in countering these modern espionage and sabotage threats. Agencies like the BfV have doubled staffing, while the Federal Intelligence Service (BND) is attempting to increase staffing for counterintelligence and hybrid threat monitoring, but they remain constrained by legal frameworks that limit surveillance scope and operational flexibility compared to the U.S. or U.K.
For example, data privacy laws and the separation between police and intelligence functions, while vital for safeguarding civil liberties, create friction in rapidly responding to active sabotage plots. Politicians and intelligence officials have increasingly argued for a calibrated expansion of intelligence agencies’ powers, including the ability to conduct online surveillance of suspects linked to foreign intelligence or ideological radicalization without lengthy judicial processes that often allow adversaries to dismantle their networks before German authorities can act.
Adding to Germany’s intelligence dilemma is the shifting international environment. The potential decoupling of U.S. intelligence sharing, signaled by the CIA’s suspension of intelligence exchanges with Ukraine in 2025, has alarmed German policymakers who fear a trickle-down effect impacting European security coordination. Proposals for a European intelligence-sharing alliance under a “Euro Eyes” framework have gained momentum, driven by the recognition that Europe cannot solely rely on the Five Eyes network to protect critical infrastructure in an era of rising threats.
Strategic Adaptation
Recent espionage and sabotage efforts by China, Russia, and Iran have exposed the systemic vulnerabilities within Germany’s corporate, scientific, military, and governmental sectors. These activities are not isolated incidents, but components of a sustained campaign designed to undermine Germany’s influence in Europe while advancing the strategic goals of foreign adversaries. The threats are multifaceted and persistent, demanding a more agile and comprehensive approach to national security.
One key area of focus is improving security within critical industries and research institutions. Enhanced due diligence and more rigorous screening procedures are essential to protect intellectual property and prevent covert operatives from gaining access under the guise of collaboration. Simultaneously, Germany must harden its critical infrastructure by investing in cutting-edge cyber defense, physical security measures, and robust supply chain safeguards that can deter and withstand sabotage attempts.
Counter-intelligence operations must also evolve. This means expanding the capabilities of the BND and BfV to proactively disrupt hostile networks while ensuring these agencies operate under democratic oversight to prevent overreach. A stronger domestic security posture must be matched by improved coordination with European partners. A framework such as “Euro Eyes” could enable seamless intelligence sharing and synchronized threat assessments, a necessity as transatlantic intelligence flows become less certain.
Finally, bolstering societal resilience is paramount. Germany must foster greater public awareness of disinformation, influence operations, and hybrid tactics designed to erode democratic confidence.
At a Crossroads
Germany is at a pivotal juncture. The stakes of inaction are high, risking the erosion of technological leadership, economic competitiveness, and political stability. The security environment has fundamentally shifted, and so must Germany’s approach.
Expanding the capabilities of German intelligence and security services, even at the cost of revisiting restrictive frameworks, will be essential to preserving the integrity of German institutions and the safety of its citizens. But the responsibility does not lie with the government alone. Industry and research institutions must adapt as well, implementing stronger safeguards, tightening due diligence, and recognizing that openness cannot come at the expense of strategic vulnerability. Failure to adapt would risk allowing Germany to become the weak link in Europe’s collective defense, enabling adversaries to exploit the very structures that underpinned its prosperity.
